53 matches found
SUSE CVE-2023-28645
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
TotalJS OpenPlatform 跨站脚本漏洞
TotalJS OpenPlatform is a simple enterprise-ready platform for TotalJS individual developers. It is used to run, integrate and manage multiple web applications. A security vulnerability exists in version b80b09d of TotalJS OpenPlatform, which stems from the presence of a stored cross-site scripti...
The vulnerability of the Ethernet interfaces of Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in the execution of operations outside the buffer in memory, allowing attackers to cause system failures.
The vulnerability of the Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures using specially created OPC packets...
Design/Logic Flaw
Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...
CVE-2022-39232
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete...
The vulnerabilities of opcua and asyncua libraries are related to uncontrolled resource consumption, which allows attackers to cause service failures.
The vulnerability of opcua and asyncua libraries is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the OPC UA node-opcua software implementation, related to incorrect resource cleanup or release, allows a perpetrator to trigger a service failure.
The vulnerability of the OPC UA node-opcua software implementation is related to incorrect cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of implementations of data transfer specifications in industrial networks using OPC UA .NET Standard and OPC UA .NET Legacy lies in the uncontrolled recursion involved. This allows attackers to trigger service failures.
The vulnerability of data transmission implementations in industrial networks using OPC UA .NET Standard and OPC UA .NET Legacy is related to uncontrolled recursion. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2021-32994
Softing OPC UA C++ SDK Software Development Kit versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locatio...
Schneider Electric ConneXium Network Manager Software 安全漏洞
Schneider Electric ConneXium Network Manager Software Schneider Electric Cnm is an industrial Ethernet network management software from Schneider Electric, France. A security vulnerability exists in the Schneider Electric ConneXium Network Manager Software prior to version 03.23 and the Belden...
Jenkins Release Helper Plugin Cross-Site Request Forgery Vulnerability
Jenkins is a software project that is a Java-based continuous integration tool for monitoring continuous and repetitive work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated.A cross-site request forgery vulnerability exists...
CVE-2021-42577
An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference...
CVE-2021-42262
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition...
OPMS 跨站请求伪造漏洞
OPMS is an OA management system. v1.3 and previous versions of OPMS contain a security vulnerability that can be exploited to add arbitrary user accounts via /user/add...
backstage path traversal vulnerability
backstage is an application. Backstage is an open platform for building developer portals Backstage has a path traversal vulnerability, which stems from the fact that the product does not effectively restrict the write path for users with scaffold template write permissions, and can be exploited ...
Design/Logic Flaw
Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...
CVE-2021-41151
CVE-2021-41151 (Backstage) : A path traversal vulnerability in the Backstage scaffolder backend allows reading sensitive files from the environment where Scaffolder Tasks run. An attacker can craft a custom Scaffolder template using a pull-request publishing action (e.g., publish:github:pull-requ...
CVE-2021-32662
In CVE-2021-32662, the npm package @backstage/techdocs-common (versions before 0.6.3) is affected by a path traversal vulnerability via mkdocs.yml: an attacker who can modify docs_dir in the documentation source and access the TechDocs backend could read sensitive files from the build environment...
backstage 代码问题漏洞
Backstage is the open platform for building developer portals. An unspecified vulnerability exists in Backstage. An attacker could exploit the vulnerability to access sensitive data...
CVE-2020-12526
TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of...